Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.15.0
Affects Version/s: 4.10
Component/s: Bare Metal Hardware Provisioning / ironic
Labels:

Severity:
Important
Regression:
None
Story Points:
5
Sprint:
Metal Platform 236, Metal Platform 239, Metal Platform 240, Metal Platform 241, Metal Platform 242, Metal Platform 243, Metal Platform 245, Metal Platform 246
sprint_count:
8
Architecture:

Unspecified
Release Note Text:

Hide
* Previously, when installing {product-title} with the `bootMode` field set to `UEFISecureBoot` on a node where the `secureBoot` field was set to `disabled`, the installation program failed to start. With this update, Ironic has been updated so that you can install {product-title} with `secureBoot` set to `enabled`. (link:https://issues.redhat.com/browse/OCPBUGS-9303[*~~OCPBUGS-9303~~*])

Show
* Previously, when installing {product-title} with the `bootMode` field set to `UEFISecureBoot` on a node where the `secureBoot` field was set to `disabled`, the installation program failed to start. With this update, Ironic has been updated so that you can install {product-title} with `secureBoot` set to `enabled`. (link: https://issues.redhat.com/browse/OCPBUGS-9303 [* OCPBUGS-9303 *])
Release Note Type:
Release Note
Internal Whiteboard:
Latest Status Summary:
9/13: u/s patch finalized & under review
Target Version:

4.15.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:
If secure boot is currently disabled, and user attempts to enable it via ZTP, install will not begin the first time ZTP was triggered.

When secure boot is enabled viz ZTP, then boot options will be configured before virtual CD was attached, thus first boot will be booting into existing HD with secure boot on. Install will then get stuck because boot from CD was never triggered.

Version-Release number of selected component (if applicable):
4.10

How reproducible:
Always

Steps to Reproduce:
1. Secure boot is currently disabled in bios
2. Attempt to deploy a cluster with secure boot enabled via ZTP
3.

Actual results:

spoke cluster got booted with secure boot option toggled, into existing HD
spoke cluster did not boot into virtual CD, thus install never started.
agentclusterinstall gets stuck here:
State: insufficient
State Info: Cluster is not ready for install

Expected results:

installation started and completed successfully

Additional info:

Secure boot config used in ZTP siteconfig:
http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3000/kni-qe/ztp-site-configs/src/ff814164cdcd355ed980f1edf269dbc2afbe09aa/siteconfig/master-2.yaml#L40

is cloned by

OCPBUGS-19884 [4.14] Install does not begin if secure boot was enabled for the first time

Closed

is depended on by

OCPBUGS-19884 [4.14] Install does not begin if secure boot was enabled for the first time

Closed

is duplicated by

OCPBUGS-8434 Secure boot - bmh provisioning error with secure boot enabled

Closed

links to

openshift/ironic-image#403: OCPBUGS-9303: update Ironic to include secure boot fixes

openshift/ironic-image#435: OCPBUGS-9303: include the secure boot retry

RHSA-2023:7198 OpenShift Container Platform 4.15 security update

(1 links to)

Assignee:: Dmitry Tantsur

Reporter:: Yang Liu

QA Contact:: Periyamaruthu Mohanraj

Contributing Groups:: Red Hat Employee

Votes:: 0 Vote for this issue

Watchers:: 21 Start watching this issue

Created:: 2022/06/04 12:33 AM

Updated:: 2024/02/27 9:04 PM

Resolved:: 2024/02/27 9:04 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates